As part of its plan to better protect federal computer networks from cyber threats, the Department of Homeland Security (DHS) a month ago awarded the telecommunications firm CenturyLink [CTL] a contract to begin monitoring the Internet traffic of its government customers to detect and prevent malicious cyber attacks against those networks, a department official says.
The award to CenturyLink was made as part of the Einstein 3 Accelerated (E3A) program, Roberta Stempfley, acting assistant secretary for the Office of Cyber Security and Communications within the DHS National Protection and Programs Directorate, tells the House Homeland Security Cybersecurity Subcommittee. DHS is also in negotiations with four other Internet Service Providers (ISPs) that service the federal government to provide the same network protection services, she says.
Due to acquisition sensitivities, DHS declined to disclose the value of the award to CenturyLink or to name the other ISPs with which it is negotiating.
The E3A program will deliver cyber “intrusion prevention capabilities as a Managed Security Service provided by Internet Service Providers,” DHS said in a Privacy Impact Assessment (PIA) it issued for the program in April. “Under the direction of DHS, ISPs will administer intrusion prevention and threat-based decision-making on network traffic entering and leaving participating federal civilian Executive Branch agency networks.”
Stempfley says that CenturyLink will be providing the E3A services to its customers, while the other ISPs with which the department is negotiating contracts will provide those cyber services to their federal customers.
The E3 program was originally a DHS effort to provide classified capabilities to the ISPs, but under the accelerated version of the program, which began a year ago, DHS is taking “advantage of the innovation that the ISPs can provide into this environment” as they “are most knowledgeable of their own infrastructure,” Stempfley says.
Einstein 3 is part of the National Cybersecurity Protection System begun by DHS in 2008 to protect federal civilian government computer networks from known or suspected cyber attacks. Earlier deployments of Einstein, versions 1 and 2, analyzed network flow records and provided detection and alerts of known and suspected cyber threats.
Under E3A, DHS is on schedule to achieve final operational capability of the intrusion prevention capability by the end of 2015 versus the original 2018 schedule, Stempfley says. Moreover, the life-cycle cost of the deployment is the same, she adds.
According to the April PIA, the E3A program initially will use two cyber threat countermeasures in protecting federal networks: Domain Name Server (DNS) sinkholing capability and email filtering.
DNS sinkholing allows DHS to block malware on federal networks from communicating with known or suspected malicious Internet domains, while the email filtering permits the department to scan email sent to federal civilian networks for malicious attachments and other malware.